Fix for building with TLS 1.3 only when AES CBC is enabled. Algorithm is allowed to be enabled, but the AES CBC cipher suites should not be. Fixed AEAD enable to check AES CBC based on `HAVE_AES_CBC` define.

2018-08-20 16:29:48 -07:00 · 2018-08-20 16:29:48 -07:00 · 389f56b5c7
parent b12386fbb1
commit 389f56b5c7
2 changed files with 7 additions and 2 deletions
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@ -249,6 +249,11 @@

 #ifndef WOLFSSL_MAX_STRENGTH

+#ifdef WOLFSSL_AEAD_ONLY
+    /* AES CBC ciphers are not allowed in AEAD only mode */
+    #undef HAVE_AES_CBC
+#endif
+
 #ifndef WOLFSSL_AEAD_ONLY
    #if !defined(NO_RSA) && !defined(NO_RC4)
        #if defined(WOLFSSL_STATIC_RSA)
@ -282,7 +287,7 @@
            #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
        #endif
    #endif
-#endif
+#endif /* !WOLFSSL_AEAD_ONLY */

    #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
        #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@ -1548,7 +1548,7 @@ extern void uITRON4_free(void *p) ;
 #endif

 #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
-    (defined(NO_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
+    (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
     !defined(HAVE_IDEA) && !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
    #define WOLFSSL_AEAD_ONLY
 #endif